How important is cybersecurity for startups? With Jon Woolley!

Introducing another of our Advisory Board members, Jonathan Woolley from Atomico, one of Europe’s leading VCs! J is currently the IT Director there with a 20 year career in IT. Over the last 13+ years he has been responsible for Atomico’s technical strategy, system health and the cyber security posture of the firm. He has also supported many high profile partners, VIPs and of course — startups!

I met J over 5 years ago and we instantly clicked! We both felt that startups (and individuals) lack the level of cybersecurity that is really needed in the modern world and J pointed out that it doesn’t have to be expensive.

J is a special part of our team. His experience is vast and transcends the entire venture sphere — from funds through to venture backed businesses and startups. Although he has the build of an actual security guard (word on the street is he holds the Atomico bench-press record…), he is better at cybersecurity! He’s an incredible asset and is our cyber super hero!

So here we go, Jonathan Woolley, IT Director from Atomico, on what aspects of cybersecurity should be prioritised by a startup and why!

Cybersecurity is on the lips of nearly every sales person that calls/linkedIn DM’s your new startup. It’s the new buzz word that has replaced the old favourite: “are you moving to the Cloud?”. As an already stretched Founder with marketing costs/work space costs/recruitment costs, not to mention that one person who really pushes it on expenses, You might be thinking “but really how important is cyber security for my startup”?

At the moment you might be small; so maybe you think you will just fly under the radar… cybersecurity can wait… Unfortunately attackers or threats — as any oversized cyber security study guide will frame them — are now attacking all industries and are looking for low hanging fruit.

To be clear, in this post we will avoid naming specific technologies or vendors. Technologies as software/hardware stacks work very differently depending on your startup’s needs and requirements.

The opening few paragraphs were not written to scare you or anyone, they were written to empower and bring an important issue up your priority list! Now, I would like you to focus your attention on your cybersecurity posture. Here are, what I believe to be, the most important points to consider/cover:

1. Data Protection: When you are considering cyber security the main topic is protecting company data. Data is an asset that we need to protect from threats. Startups often handle sensitive customer data, intellectual property, and proprietary information. Protecting this data is not only essential for regulatory compliance but also for maintaining trust with customers and partners.
2. Regulatory Compliance: Many countries and regions have strict data protection and cybersecurity regulations. Failing to comply with these regulations can result in significant fines and legal consequences. Startups must be aware of and adhere to applicable laws.
3. Reputation and Trust: As the old mantra goes “it can take years to build a brand and seconds to destroy it”. A data breach or security incident can damage a startup’s reputation and erode customer trust. Due to the nature of the internet and social media, you may never fully be able to erase the news of a breach. This could result in lasting damage.
4. Intellectual Property Protection: They’re your ideas don’t lose them… Tech startups often rely on proprietary technology and innovations. Cybersecurity measures are necessary to protect these assets from theft or unauthorised access, safeguarding a startup’s competitive advantage. This will also apply internally; be careful that new employees only have access to the data they need. If an employee changes job roles make sure access rights are reviewed.
5. Business Continuity: Cyberattacks can disrupt operations, lead to downtime, and result in lost revenue. For startups operating on tight budgets, the financial impact of downtime can be significant.
6. Investor Confidence: Investors want to ensure that their investments are secure and that the startups they fund take cybersecurity seriously. Demonstrating strong cybersecurity practices can make a startup more attractive to potential investors.
7. Growing Threat Landscape: Cyber threats continue to evolve and become more sophisticated. Startups are attractive targets because they may have valuable data and limited security resources. Staying vigilant and adapting to emerging threats is crucial.
8. Partner and Customer Requirements: Many larger companies and clients require their tech startup partners to meet specific cybersecurity standards and pass security audits. Having a strong cybersecurity posture can open doors to lucrative partnerships. It’s a founder’s dream to land the big client; the Coca Colas/METAs or Soho house (come on we all want a membership like Verb’s Partner Tom ;) ) but you must expect some technical due diligence if you are going to transact with such firms. That’s without extra DD that could come from legal/finance or government firms.
9. Global Expansion: Let’s be honest your startup may start in barking or boston, in birmingham or berlin but just like any 007 villain, if you want world domination and your startup plans to expand internationally — it will face diverse cybersecurity challenges in different regions. A strong cybersecurity foundation is essential for ensuring a smooth expansion. Different countries will have different risks that should be analysed.
10. Cost Savings: Proactively investing in cybersecurity measures can save a startup money in the long run. Preventing a cyber incident is often far less expensive than dealing with the aftermath of a breach. I would like to stress that with the right advice and a few tools you can be protected. This does not need to cost the world but unfortunately ignoring your cybersecurity posture could cost you your startup.

At the start I mentioned you are probably hounded by calls/linkedin pings/emails regarding cybersecurity. Everyone is selling the blue pill that can solve your cyber security needs. In truth no single tool will do this. Even with the best tool, your people (assets) are a huge part of your security posture. Verb Ventures can certainly help introduce you to some strategic firms that can help. Also if you would like to discuss anything in particular do feel free to reach out directly. Happy to chew the fat (actually trying to cut down a bit so let’s chew the lettuce on this one)…

Jon